SAN FRANCISCO--(BUSINESS WIRE)--RiskIQ, the company that enables organizations to detect and mitigate customer facing threats, today announced research findings it disclosed yesterday at the Healthcare Cyber Security Summit on the leading online threats to customers of health insurance providers. According to the report, websites hosted by external providers, excessive mobile app permissions and third party code libraries represent the biggest risks to users of health insurance web and mobile self-service tools. The full report is available here.
CLICK TO TWEET: .@RiskIQ report reveals top health insurance online threats at #NH-ISAC #healthcare cyber security summit http://bit.ly/1yf8stl
Health insurance providers are investing heavily in web and mobile app infrastructures to establish new customer touch points and gain a competitive edge in an increasingly competitive marketplace. This has created a host of new external facing security challenges for providers. To assess the top risks to customers, RiskIQ analyzed live data gathered from web and mobile resources accessible from the public web that are operated by dozens of the nation’s leading health insurance companies.
“New competitive pressures in healthcare are forcing insurance providers to expand their web and mobile self-service assets, which opens up new attack vectors for targeting customers that use them,” said Elias Manousos, CEO of RiskIQ. “These research findings provide a valuable benchmark for understanding and mitigating the top threats to insurance providers’ customers.”
Top Three Online Threats
Based on an analysis of live data
gathered by the global RiskIQ network from web and mobile assets
associated with dozens of the nation’s leading health insurance
providers, the top threats to customers are:
Websites Hosted by Third Parties
While
organizations typically rely on hosting partners to serve up websites,
this approach dramatically alters the chain of control and can undermine
efforts to enforce standardized security policies. The study found that
31 percent of health insurance websites are hosted by third party
providers.
Excessive Mobile App Permissions
Permissions
within mobile applications allow developers to pull personal data from a
user’s device. According to the research, typical healthcare
applications have 11 permissions. Of the company apps surveyed, nearly
50 percent gather location data, nearly 20 percent connect to external
storage, and almost 15 percent access contact lists.
Third-Party Code Libraries
Code
libraries developed by third-party providers are routinely used to add
functionality and shorten mobile app development times. In Google Play,
RiskIQ identified 12 separate libraries being used in applications
belonging to healthcare companies. The One to Many Connector Framework,
which is used to connect patient recorded data from digital health
applications, devices and wearables to healthcare providers like
wellness companies, hospitals and pharmaceutical companies, was present
in half of the applications.
About RiskIQ
RiskIQ detects online threats that exploit
customers and damage enterprise brands. The company discovers and
continuously analyzes web and mobile assets from the user perspective to
detect malware, fraud and brand infringements. RiskIQ’s cloud service is
used by eight of the 10 largest financial institutions in the U.S. and
five of the nine leading Internet companies in the world. The company is
headquartered in San Francisco and is backed by Battery Ventures and
Summit Partners. To learn more about RiskIQ, visit www.riskiq.com.